Skip to main content
POST
/
api
/
{serviceId}
/
client
/
authorization
/
update
/
{clientId}
Typescript (SDK)
import { Authlete } from "@authlete/typescript-sdk";

const authlete = new Authlete({
  bearer: process.env["AUTHLETE_BEARER"] ?? "",
});

async function run() {
  const result = await authlete.client.management.updateAuthorizations({
    serviceId: "<id>",
    clientId: "<id>",
    clientAuthorizationUpdateRequest: {
      subject: "john",
      scopes: [
        "history.read",
      ],
    },
  });

  console.log(result);
}

run();
{
  "resultCode": "A138001",
  "resultMessage": "[A138001] Updated 1 access token(s) issued to the client (ID = 26478243745571) of the service (API Key = 21653835348762)."
}

Authorizations

Authorization
string
header
required

Authenticate every request with a Service Access Token or Organization Token. Set the token value in the Authorization: Bearer <token> header.

Service Access Token: Scoped to a single service. Use when automating service-level configuration or runtime flows.

Organization Token: Scoped to the organization; inherits permissions across services. Use for org-wide automation or when managing multiple services programmatically.

Both token types are issued by the Authlete console or provisioning APIs.

Path Parameters

serviceId
string
required

A service ID.

clientId
string
required

A client ID.

Body

subject
string
required

The subject (= unique identifier) of the end-user who has granted authorization to the client application.

scopes
string[]

An array of new scopes. Optional. If a non-null value is given, the new scopes are set to all existing access tokens. If an API call is made using "Content-Type: application/x-www-form-urlencoded", scope names listed in this request parameter should be delimited by spaces (after form encoding, spaces are converted to +).

Response

resultCode
string

The code which represents the result of the API call.

resultMessage
string

A short message which explains the result of the API call.